TWiT Bits 2219

LastPass Phishing Attack

Phishing attack that could steal LastPass password manager details.
LastPass stores user’s passwords in the cloud in an encrypted vault protected by a single username and password. The vault can also be protected using various forms of two-factor authentication.
The tool allows hackers to mimic the look and feel of the LastPass browser plugin and site, owing to the way the password manager uses browser pop-up boxes or banners called “viewports” to request a user’s password and two-factor authentication key.